bakaid commented on a change in pull request #610: MINIFICPP-814 - Fixed 
ListenHTTP and HTTPClient bugs, created tests f…
URL: https://github.com/apache/nifi-minifi-cpp/pull/610#discussion_r312965763
 
 

 ##########
 File path: extensions/http-curl/client/HTTPClient.cpp
 ##########
 @@ -148,6 +161,52 @@ void HTTPClient::setDisableHostVerification() {
   curl_easy_setopt(http_session_, CURLOPT_SSL_VERIFYHOST, 0L);
 }
 
+bool HTTPClient::setSpecificSSLVersion(SSLVersion specific_version) {
+#if CURL_AT_LEAST_VERSION(7, 54, 0)
+  CURLcode ret = CURLE_UNKNOWN_OPTION;
+  switch (specific_version) {
+    case SSLVersion::SSLv2:
+      ret = curl_easy_setopt(http_session_, CURLOPT_SSLVERSION, 
CURL_SSLVERSION_SSLv2);
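
 Review bot: The `case SSLVersion::SSLv2:` arm passes `CURL_SSLVERSION_SSLv2` to `CURLOPT_SSLVERSION`, so a caller can pin an outgoing connection to SSLv2, a protocol that RFC 6176 prohibits. Consider dropping this arm, or rejecting the value explicitly without calling `curl_easy_setopt`, so that `ret` stays at its initial `CURLE_UNKNOWN_OPTION` and the function can report failure. Callers should check the `bool` result instead of continuing with libcurl's default when the requested version was not applied. The branch taken when `CURL_AT_LEAST_VERSION(7, 54, 0)` is false is not visible in this hunk; it should also report failure rather than leave the version unrestricted without telling the caller.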
 
 Review comment:
   I am changing this to exclude SSLv2 and SSLv3, so only outgoing connections 
with TLSv1.0, TLSv1.1 and TLSv1.2 will be supported.
   However, ListenHTTP's SSLMinimumVersion property (and the underlying 
implementation) supports every version from SSLv2 to TLSv1.2. While I 
completely agree with the approach of only allowing TLSv1.2 for incoming 
connections, this would mean an API change and a deprecation, which I am quite 
sure cannot be made in 0.6.1, and I am not sure how it can be made in 0.7.0.
   @phrocker What are your thoughts on this?
